Regularly, in the news today, there are stories about major companies being hacked, their customer data stolen, and their customers left stranded. Hackers commonly use data stolen from one site to access others where login credentials have been reused between accounts. In some cases, access to bank accounts has been gained simply by using a compromised email account.
Businesses and individuals can face significant losses simply because a third party outside their control has been hacked or compromised.
The Danger of Old Passwords
MySpace is a key example of why old and possibly forgotten services pose a security danger when passwords haven't been regularly changed. Once a thriving popular network, the use of MySpace services declined drastically from 2007 onwards. While many people moved to new social networks, old accounts typically remained abandoned on their servers. Hundreds of millions of accounts remained on MySpace servers many years past the firm's peak. In 2016, MySpace suffered a data leak which exposed usernames, emails, and passwords of 360 million user accounts. Shortly after the hack, these details were published online for anyone to see. Many were used to access email accounts, servers, and accounts that shared the same details.
Even if you have never had a MySpace or social media account personally, how many of your employees or coworkers have one or more? Many have had more social media, forum, or game accounts than they care to remember. Have their passwords been updated since 2016? Your business network protects your systems, work, and intellectual property. For many firms it's the single most critical component, the backbone to business operations. Keeping it secure regardless of the number of people, staff or clients using it is a crucial task. Consider how many people currently have access and how many of those may reuse their password on another website or service. Just reusing your password once can expose you to the hacking of a third party entirely out of your control.
Good security practice is to use a unique and strong password for every login you use. A strong password should include, where possible, capital letters, lowercase letters, numbers, and character symbols. Many consider this impractical or even impossible, but it is entirely achievable for every firm.
It is clearly impossible to manually remember a strong password for each one of the dozens of logins needed today. Few would even attempt to. A password manager makes storing, retrieving, and using unique passwords easy. When using a password manager, an individual is required to remember only one single strong password to access a database which contains a different login password for each service. This database can be synced between multiple devices, saved and backed up to the cloud, and even used to create strong passwords for you.
Password managers can be used to implement security policies that demand zero password reuse, between services or over time, and set strict limits over the duration a password can last. With the right policies in place, both your business and your employees are protected against attacks from hackers that have compromised third-party sites. The maximum recommended lifetime of a password for any service is a single year. Make the start of the calendar year the time which you refresh your passwords and start new.
To help keep on top of your security and make sure your firm is safe well into the new year, give us a call at 715-255-0325.